Embed Size (px)
Citation preview
ANAN STANDARD ON AUDITINGASA(03)
THE AUDITOR'S RESPONSIBILITY TO CONSIDER FRAUD IN AN AUDIT OF FINANCIAL STATEMENTS
Issued by: ASSOCIATION OF NATIONAL ACCOUNTANTS OF
NIGERIA
31ST DECEMBER 2009
2
PREFACE
The Association of National Accountants of Nigeria was established in 1979, registered in 1983 under Land Perpetual Succession Act, and Chartered by Act formerly decree) No 76 of 1993(Now Cap A26 LFN, 2004)It was charged with general duty of:
A. Advancing the science of accountancy in Nigeriab. Determining the standard of knowledge and skill to be
attained by persons seeking to become registered members of the profession, and reviewing those standards, from time to time as circumstances may require
c. Promoting the highest standard of competence, practice and conduct among members of the profession,
d. Securing the establishment and maintenance of register of members of the profession and the publication, from time to time of list of those persons.
e. Doing such things as may advance and promote the advancement of the profession of accountancy in both the public and private sectors of the economy.
Globalization and rapid advancement in information management and the pace of dissemination inevitably engendered borderless business entities and growth of international business with the attendant consequence of the need for standardization of the financial reporting mechanism. As a professional member of the global community, we cannot afford to deviate from the global practice of adopting or adapting the standards issued by the International Auditing Standard Board.
Therefore the Council of the Association in pursuance of the aforementioned conviction has decided to adopt the standard issued by ISAB on the auditors responsibility to consider fraud in an audit of financial statements
3
Association of National Accountants of Nigeria 250, Herbert Macaulay Street Alagomeji Yaba, Lagos.P.M.B 1011 Yaba, LagosWeb site: www.anan.org.ngE-mail: [email protected]
4
EXPLANATORY NOTES & STATEMENT OF POLICY
It is highly recommended that members should adhere to the application of this standard as applicable to their assignments in relation to audit of pecuniary matters and any other pertinent issues with regard to operations of corporate business entities.
In light of recent high profile frauds involving those at the upper echelon of big organizations including Conglomerates, it has thus become incumbent on auditors for auditors to consider fraud as an issue in audit of Financial Statements.
It is pertinent to note that no part of this statement should be taken in isolation as the entire clauses are contiguous and should be taken together holistically. Under no circumstances should members apply their own judgment in preference to the imports of this standard without recourse to the association for clearance.
Members who intend to apply different judgment must present their basis to the Council of the Association for evaluation.
In the event of contradictions between the base law of the International Auditing Standards Board, on which any of its standards is premised and the relevant applicable laws in Nigeria, the affected standard would be structured in compliance with the Nigerian law. Users are therefore encouraged to digest all that are written in this AS A in order to be sufficiently guided.
Table of Contents
Pages1. Introduction 6-16
Scope of ASA:-
2. The Auditors Responsibilities 16-17
3. Risk Assessment Procedures 17-23
4. Identification and Assessment of the Risks of Material misstatement due to fraud 23-25
5. Responses
25-33
6. Business Rationale for Significant Transactions 33-34
7. Evaluation of Audit Evidence 34-36
8. Management Representations 36-42
9. Documentation 42-44
10(a)Risk Factors 44-48
(b)
11. Material misstatement due to fraud 50-58
12. Effective Date 58
to the Risks of Material Misstatement Due to Fraud
Relating to Misstatements Arising from Fraudulent Financial Reporting
Risk Factors Arising from Misstatements Arising from Misappropriation of Assets. 48-50
5
6
THE AUDITOR'S RESPONSIBILITY TO CONSIDER FRAUD IN AN AUDIT OF FINANCIAL STATEMENTS
Appendix I -.Examples of Fraud Risk Factors.
Appendix2: Examples of Possible Audit Procedures to Address the Assessed Risk of Material Misstatement Due to Fraud.
Appendix3: Examples of Circumstances that Indicate the Possibility of Fraud.
ANAN Standard on Auditing (ASA 03), "The Auditor's Responsibility to Consider Fraud in an Audit of Financial Statement," should be read in the context of the "Preface to the International Standards on Quality Control, Auditing, Review, Other Assurance and Related Services," which set out the application and authority of ASA.
INTRODUCTION
1. The purpose of this ANAN STANDARD ON AUDITING
(ASA 03), is to establish standards and provide guidance on the Auditor's responsibility to consider fraud in an audit of Financial Statements. The standards and guidance in this ASA 03 are intended to be integrated into the overall audit process.
2. The standard:
Distinguishes fraud from error and describes the two types of fraud that are relevant to the Auditor, that is, misstatements resulting from misappropriation of assets and misstatements resulting from fraudulent financial reporting;
7
describes the respective responsibilities of those charged with governance and the management of the entity for the prevention and detection of fraud, describes the inherent limitations of an audit in the context of fraud, and sets out there responsibilities of the Auditor for detecting material misstatement due to fraud.
Requires the Auditor to maintain an attitude of professionalskepticism recognizing the possibility that a material misstatement due to fraud could exist, notwithstanding the Auditor's past experience with the entity about the honesty and integrity of management and those charged with governance;
Requires members of the engagement team to discuss thesusceptibility of the entity's Financial Statement to materialmisstatement due to fraud and requires the engagement partner to consider which matters are to be communicated to members of the engagement team not involved in the discussion;
Requires the Auditor to:
Perform procedures to obtain information that is used to identify the risks of material misstatement due to fraud;
"Identify and assess the risks of material misstatement due to fraud at the Financial Statement level and the assertion level; and for those assessed risks that could result in a material misstatement due to fraud, evaluate the design of the entity's related control's including relevant control activities, and to determine whether they have been implemented;
Determine overall responses to address the risks of material misstatement due to fraud at the financial statement level and consider the assignment and supervision of personnel; consider the accounting policies used by the entity and incorporate an element of unpredictability in the selection of the nature, timing and extent of the audit procedures to be performed;
8
Design and perform audit procedures to respond to the risk of management override of control;
Determine response to address the assessed risks of material misstatement due to fraud;
Consider whether an identified misstatement may be indicative of fraud;
Obtain written representations from management relating to fraud; and
Communicate with management and those charged withgovernance;
Provides guidance on communications with regulatory and enforcement authorities;
Provides guidance if, as a result of a misstatement resulting from fraud or suspected fraud, the Auditor encounters exceptional circumstances that bring into question the Auditor's ability to continue performing the audit; and
Establishes documentation requirements.
3. In planning and performing the audit to reduce audit risk to an acceptably low level, the Auditor should consider the risks of material misstatements in the financial statements due to fraud.
Characteristics of Fraud
4. Misstatements in the Financial Statements can arise fromfraud or error. The distinguishing factor between fraud anderror is whether the underlying action that results in themisstatement of the Financial Statements is intentional orunintentional.
5. The term “error” refers to an unintentional misstatement inFinancial Statements, including the omission of an amountor a disclosure.
9
6. The term "fraud" refers to an intentional act by one or more individuals among management, those charged with governance, employees, or third parties, involving the use of deception to obtain an unjust or illegal advantage. Although fraud is a broad legal concept, for the purpose of this A SA. the Auditor is concerned with Fraud that causes a material misstatement in the financial statements. Auditors do not make legal determinations of whether fraud has actually occurred. Fraud involving one or more members of management or those charged with governance is referred to as "management fraud" fraud involving only employees of the entity is referred to as "employee fraud." In either case, there may be collusion within the entity or with third parties outside of the entity.
7 . Two types of intentional misstatements are relevant to the Auditor, that is, misstatement resulting from fraudulent financial reporting and misstatements resulting from misappropriation of assets.
8. Fraudulent financial reporting involves intentional misstatements including omissions of amounts or disclosures in financial statement to deceive financial statement users.
9. Fraudulent financial reporting often involves management override of controls that otherwise may appear to be operating effectively.
10. Fraudulent financial reporting can be caused by the efforts of management to manage earnings in order to deceive financial statement users by influencing their perceptions as to the entity's performance and profitability. Such earnings management may start out with small actions or inappropriate adjustment of assumptions and changes in judgment by management. Pressures and incentives may lead these actions to increase to the extent that they result in fraudulent financial reporting. Such a situation could occur when, due to pressures to meet market expectations or a
10
desire to maximize compensation based on performance, management intentionally takes positions that lead to fraudulent financial reporting by materially misstating the financial statements. In some other entities, management may be motivated to reduce earnings by a material amount to minimize tax or to inflate earnings to secure bank financing.
11. Misappropriation of assets involves the theft of an entity's assets and is often perpetrated by employees in relatively small and immaterial amounts. However, it can also involve management who are usually more able to disguise or conceal misappropriations in ways that are difficult to detect.
Misappropriation of assets is often accompanied by false or misleading records or documents in order to conceal the fact that the assets are missing or have been pledged without proper authorization.
12. Fraud involves incentive or pressure to commit fraud, a perceived opportunity to do so and some rationalization of the act. Individuals are living to misappropriate assets for example, because the individuals are living beyond their means. Fraudulent financial reporting may be committed because management is under pressure, from source outside or inside the entity, to achieve an expected (and perhaps unrealistic) earnings target- particularly since the consequences to management for failing to meet financial reporting or misappropriation of assets may exist when an individual believes internal control can be overridden.
Responsibilities of Those Charged with Governance and of Management
13. The primary responsibility for the prevention and detection of fraud rests with both those charged with governance of the entity and with management. The respective responsibilities of those charged with governance and of management may
11
vary by entity and from country to country. In some entities, the governance structure may be more informal as those charged with governance may be the same individuals as management of the entity.
14. It is important that management, with the oversight of those charged with governance, place a strong emphasis on fraud prevention, which may reduce opportunities for fraud to take place, and fraud deterrence, which could persuade individuals not to commit fraud because of the likelihood of detection and punishment.
15. It is the responsibility of those charged with governance of the entity to ensure, through oversight of management, that the entity establishes and maintains internal control to provide reasonable assurance with regard to reliability of financial reporting, effectiveness and efficiency of operations and compliance with applicable laws and regulations. Active oversight by those charged with governance can help reinforce management's commitment to create a culture of honesty and ethical behaviour. In exercising oversight responsibility, those charged with governance consider the potential for management override of controls or other inappropriate influence over the financial reporting process, such as efforts by management to manage earnings in order to influence the perceptions of analysts as to the entity's performance and profitability.
16. It is the responsibility of management, with oversight from those charge with governance, to establish a control environment and maintain policies and procedures to assistin achieving the objectives of ensuring, as far as possible, the orderly and efficient conduct of the entity's business. This responsibility includes establishing and maintaining controls pertaining to the entity's objectives of preparing financial statements that give a true and fair view (or are presented fairly in all material respects) in accordance with the applicable financial reporting framework and managing risks
12
That may give rise to material misstatements in those financial statement.
Inherent Limitations of an Audit in the Context of Fraud
17. The objectives of an audit of financial statements is to enable the Auditor to express an opinion whether the Financial Statements are prepared, in all material respects, in accordance with an applicable financial reporting framework. Owing to the inherent limitations of an audit, there is an unavoidable risk that some material misstatements of the financial statements will not be detected, even though the audit is properly planned and performed in accordance with ASA.
18. The risk of not detecting a material misstatement resulting from fraud is higher than the risk of not detecting a material misstatement resulting from error because fraud may involve sophisticated and carefully organized schemes designed to conceal it, such as forgery deliberate failure to record transactions, or intention.; misrepresentations being made to the Auditor. Such attempt at concealment may be even more difficult :o detect when, accompanied by collusion. Collusion may cause the Auditor to believe that audit evidence is persuasive when it is, in fact, false. The Auditor's ability to detect a fraud depends on factors such as the skillfulness of the perpetrator, the frequency and extent of manipulation, the degree of collusion involved, the relative size of individual amounts manipulated, and the seniority of those individuals involved.
19. Furthermore, the risk material misstatement resulting from management fraud is greater than for employee fraud, because management is frequently in a position to directly manipulate accounting records and present fraudulent financial information.
13
Certain levels of management may be in a position to override control procedures designed to prevent similar frauds by other employees.
20.The subsequent discovery of a material misstatement of the financial statement resulting from fraud does not, in and of itself, indicate a failure to comply with ASA. This is particularly the case for certain kinds of intentional misstatements, since audit procedures may be ineffective f o r detecting an intentional misstatement that is concealed thorough collusion between or among one or more individuals among management, those charged with governance, employees, or third parties, or that involves falsified documentation.
Responsibilities of the Auditor for Detecting Material Misstatement due to Fraud
21.An Auditor conducting an audit in accordance with ASA obtains reasonable assurance that the financial statements taken as a whole are free material misstatement, whether caused by fraud or error. An Auditor cannot obtain absolute assurance tha t mater ia l miss ta tements in thefinancial statements will be detected because of such factors as the use of judgment, the use of testing, the inherent limitations of internal control and the fact that much of the audit evidence available to the Auditor is persuasive rather than conclusive in nature.
Professional Skepticism
22.The Auditor plans and performs an audit with an attitude of professional skepticism recognizing that circumstances may exist that cause the Financial Statements to be materially misstated.
14
Due to the characteristics of fraud, the Auditor's attitude professional skepticism is particularly important when considering the risks of material misstatement due to fraud. Professional skepticism is an attitude that includes a questioning mind and a critical assessment of audit evidence.
23. The Auditor should maintain an attitude of professional skepticism throughout the audit, recognized thepossibility that a material misstatement due to fraud couldexist, notwithstanding the Auditor's past experiencewith the entity about the honesty and integrity ofmanagement and those charged with governance.
24. The Auditor's previous experience with the entitycontributes to an understanding of the entity. However,although the auditor cannot be expected to fully disregardpast experience with the entity about the honesty andintegrity of management and those charged withgovernance, the maintenance of an attitude of professional skepticism is important because there may have been changes. When making inquiries and performing other audit procedures, the Auditor exercises professional skepticism and is not satisfied with less-than persuasive audit evidence based on a belief that management and those charged with governance are honest and have integrity.
25. An audit performed in accordance with ASA really involves the authentication of documents, nor is the Auditor trained as or expected to be an expert in such authentication. Furthermore, an Auditor may not discover the existence of a modification to the terms contained in a document, for example through a side agreement that management or third party has not disclosed to the Auditor during the audit, the Auditor considers the reliability of the information to be used as audit evidence including consideration of controls over its preparation and maintenance where relevant.
15
Discussion Among The Engagement Team
26. Members of the engagement team should discuss thesusceptibility of the entity's Financial Statements tomaterial misstatement due to fraud.
27. It is expected that members of the engagement team to discuss the susceptibility of the entity to materialmisstatement of the financial statements. This discussionplaces particular emphasis on the susceptibility of theentity's financial statements to material misstatement due tofraud. The discussion includes the engagement partnerwho uses professional judgment, prior experience with theentity and knowledge of current developments to determine which other members of the engagement team are included in the discussion. Ordinarily, the discussioninvolves the key members of the engagement team.
28. The engagement partner should consider which matters are to be communicated to members of the engagement team notinvolved in the discussion; all of the members of theengagement team do not necessarily need to informed of all of the decisions reached in the discussion. For example, a member of the engagement team involved in audit of a component of the entity may not need to know the decisions reached regarding another component of the entity
29. Discussing the susceptibility of the entity's Financial Statements to material misstatement due to fraud is an important part of the audit. It enables the Auditor toconsider an appropriate response to the susceptibility of theentity' financial statements to material misstatement due tofraud and to determine which members of his engagement team will conduct certain audit procedures. It also permits the Auditor to determine how the results of audit procedures will be shared among the engagement team and how to deal with any allegations of fraud that may come to the Auditor's attention. Many small audits are carried out entirely by the engagement partner (who may be a sole practitioner).
16
In such situations, the engagement partner, having personally conducted the planning of the audit, considers the susceptibility of the entity's Financial Statements to material misstatement due to fraud.
30. The discussion occurs with a questioning mind setting aside any beliefs that the engagement team members may have that management and those charged with governance are honest and have integrity. The discussion ordinarily includes:i An exchange of ideas among engagement team members
about how and where they believe the entity’s financial statements may be susceptible to material misstatement due to fraud, how management could perpetrate and conceal fraudulent financial reporting, and how assets of the entity could be misappropriated;
ii A consideration of circumstances that might be indicative of earnings management and the practices that might be followed by management to manage earnings that could lead to fraudulent financial reporting;
iii A consideration of the known external and internal factors affecting the entity that may create an incentive or pressure for management or others to commit fraud, provide the opportunity for fraud to be perpetrated, and indicate a culture or environment that enables management or others to rationalize committing fraud;
iv A consideration of management’s involvement in overseeing employees with access to cash or other assets susceptible to misappropriation;
v A consideration of any unusual or unexplained changes in behavior or lifestyle of management or employees which have come to the attention of the engagement team;
vi An emphasis on the importance of maintaining a proper state of mind throughout the audit regarding the potential for material misstatement due to fraud;
vii A consideration of the types of circumstances that, if encountered, might indicate the possibility of fraud;
viii A consideration of how an element of unpredictability will be incorporated into the nature, timing and extent of the audit procedures to be performed;
ix A consideration of the audit procedures that might be selected to respond to the susceptibility of the entity’s financial statement to material misstatements due to fraud and whether certain types of audit procedures are more effective than others;
x A consideration of any allegations of fraud that have come to the auditor’s attention; and
xi A consideration of the risk of management override of controls.
31. It is important that after the initial discussion while planning the audit, and also at intervals throughout the audit, engagement team members continue to communicate and share information obtained that may affect the assessment of risks of material misstatement due to fraud or the audit procedures performed to address these risks. For example, for some entities it may be appropriate to update the discussion when reviewing the entity's interim financial information.
Risk Assessment Procedures
32 Audit engagement team should obtain an understanding of the entity and its environment, including its internal control, System. As part of this work the Auditor should perform the following procedures to obtain information that is used to identify the risks of material misstatement due to fraud:
(a) Makes inquiries about those charged with governance, and of others within the entity as appropriate and obtains an understanding for how those charged with governance exercise oversight of management's processes for identifying and responding to the risks of fraud and the internal control and management as established to mitigate these risks.
17
(b) Considers whether one or more fraud risk factors are present.
(c) Considers any unusual or unexpected relationships thathave been identified in performing analytical procedures.
(d) Considers other information that may be helpful inidentifying the risk of material misstatement due tofraud.
Inquires and obtaining an understanding of oversight exercised by those charged with governance
33. When obtaining an understanding of the entity and its environments, including its internal control, the Auditor should make inquiries of management regarding:
(a) Management's assessment of the risk that the financial statements may be materially misstated due to fraud;
(b) Management's process for identifying and responding to the risks of fraud in the entity, including any specific risk fraud that management has identified or account balances, classes of transactions or disclosures for which a risk of fraud is likely to exist;
(c) Management's communication, if any, to these charged with governance regarding its processes for identifying and responding to the risks of fraud in the entity; and
(e) Management's communication, if any, to employeesregarding its views on business practices and ethical behaviour,
18 19
34. As management is responsible for the entity's internal control and for the preparation of the financial statements, it is appropriate for the Auditor to make inquiries of management regarding management's own assessment of the risk of fraud and the controls in place to prevent and detect it.
3 5. In a small owner managed entity, the owner manager may b e able to exercise more effective oversight than in a larger entity, thereby compensating for the generally more limited opportunities for segregation of duties. On the other hand, the owner manager may be more able to override controls because of the informal system of internal control. This is taken into account by the Auditor when identifying the risks of material misstatement due to fraud.
36. When making inquiries as part of obtaining an understanding of management's process for identifying and responding to the risks of fraud in the entity, the Auditor inquires about the process to respond to internal or external allegations of fraud affecting the entity.
For entities with multiple locations, the Auditor inquires about the nature I and extent of monitoring of operating locations or business segments and whether there are particular operating locations or business segments for which a risk of fraud may be more likely to exist.
37. The Auditor should make inquiries of management,internal audit, and others within the entity as appropriate, todetermine whether they have knowledge of any actual,suspected or alleged fraud affecting the entity.
38. Although the Auditor's inquiries of management may provide useful information concerning the risks of material misstatements in the financial statementresulting from employee fraud, such inquiries areunlikely to provide useful information regarding the risks ofmaterial misstatement in the financial statementsresulting from management fraud. Making inquiries of
20
others within the entity, in addition to management, maybeuseful in providing the Auditor with a perspective that isdifferent from management and those responsible for thefinancial reporting process. Such inquiries mayprovide individuals with an opportunity to conveyinformation to the Auditor that may not otherwise becommunicated. The Auditor uses professional judgment indetermining those others within the entity to whominquiries are directed and the extent of such inquiries. Inmaking this determination, the Auditor considers whether others within the entity may be able to provide information that will be helpful to the Auditor in identifying the risks of material misstatement due to fraud.
39. The Auditor makes inquiries of internal audit personnel, f o rthose entities that have an internal audit function. The inquiries address the views of the internal Auditors regarding the risk of fraud, whether during the year the internal Auditors have performed any procedures to detect fraud, whether management has satisfactorily responded to any findings resulting from these procedures, and whether the internal Auditors have knowledge of any actual, suspected or alleged fraud.
40. Examples of others within the entity to whom the Auditor may direct inquiries about the existence or suspicion of fraud include:
Operating personnel not directly involved in the financial reporting process;
Employees with different levels of authority;
Employees involved in initiating, processing or recording complex or unusual transactions and those who supervise or monitor such employees;
In-house legal counsel;
Chief ethics officer or equivalent person; and
21
The person or persons charged with dealing withallegations of fraud.
41. The Auditor should obtain an understanding of how those
charged with governance exercise oversight of
management's processes for identifying and responding to
the risks of fraud in the entity and the internal control that
management has established to mitigate these risks.
42. Those charged with governance of an entity have oversight responsibility for systems for monitoring risk, financial control and compliance with the law.
43. Obtaining an understanding of how those charged with governance exercise oversight of management's processes for identifying and responding to the risks of fraud in the entity, and the internal control that management has established to mitigate these risks, may provide insights regarding the susceptibility of the entity to management fraud, the adequacy of such internal control and the competence and integrity of management. The Auditor may obtain this understanding by performing procedures such as attending meetings where such discussion take place, reading the minutes from such meetings or by making inquiries of those charged with governance.
44. The Auditor should make inquiries of those charged with governance to determine whether they have knowledge of am actual, suspected or alleged fraud affecting the entity.
45. The Auditor makes inquiries of those charged with, governance in part to corroborate the responses to the inquiries from management. When responses to these inquiries are inconsistent, the Auditor obtains additional audit evidence to resolve the inconsistencies. Inquiries of those charged with governance may also assist the Auditor in identifying risks of material misstatement due to fraud.
22
Consideration of Fraud Risk Factors
46. When obtaining an understanding of the entity and its environment, including its internal control, the auditor should consider whether the information's obtained indicates that one or more fraud risk factors are present.
47. The fact that fraud is usually concealed can make it very difficult to detect. Nevertheless, when obtaining an understanding of the entity and its environment. including its internal control, the Auditor may identifyevents or conditions that indicate an incentive or pressure to commit fraud or provide an opportunity to commit fraud.
Consideration of Unusual or Unexpected Relationships
48. When performing analytical procedures to obtain an understanding of the entity and its environment,including its internal control, the Auditor should consider unusual or unexpected relationships that may indicate risks of material misstatement due to fraud.
49. Analytical procedures may be helpful in identifying the existence of unusual transactions or events, and amounts, ratios, and trends that might indicate matters that have financial statement and audit implications. In performing analytical procedures the Auditor develops expectations about plausible relationships of the entity and its environment, including its internal control. When a comparison of those expectations with recorded amounts, or with ratios developed from recorded amounts, yields unusual or unexpected relationships, the Auditor consider those results in identifying risks of material misstatement d u e to fraud. Analytical procedures include procedures related to revenue accounts with the objectives of identifying unusual or unexpected relationships that may indicate risks of material misstatement due to fraudulent financial reporting, such as, for example, fictitious sales or significant
23
returns from customers that might indicate undisclosed idea agreements.
Consideration of other Information
50. When obtaining an understanding of the entity and its environment, including its internal control, the Auditor should consider whether other information obtained indicates risks of material misstatement due to fraud.
51. in addition to information obtained from applying analytical procedures, the Auditor considers other information obtained about the entity and its environmentthat may be helpful in identifying the risk of material :r. is statement due to fraud. The discussion among team members described in paragraph 26-33 may provide information that is helpful in identifying such risks. In addition, information obtained from the Auditor's client acceptance and retention processes, and experience gained on other engagements performed for the entity, for example engagements to review interim financial information, mayBe relevant in the identification of the risks of material misstatement due to fraud.
Identification and Assessment of the Risks of Material Misstatement due to Fraud
52.When identifying and assessing the risks of material misstatement at the financial statement level, and at the assertion level for classes of transactions, account. balances and disclosures, the Auditor should identify and assess the risks of material misstatement due to fraud. Those assessed risks that could result in a material misstatement due to fraud are significant risk and accordingly, to the extent not already done so, the Auditor should evaluate the design of the entity's related controls including relevant control activities, and determine whether they have been implemented.
53.To assess the risks of material misstatement due to fraud theAuditor uses professional judgment and
24
(a) Identifies risk of fraud by considering the information obtained through performing riskassessment procedures and by considering theclasses of transactions, account balances and disclosures in the financial statements;
(b) Relates the identified risks of fraud to what can gowrong at the assertion level; and
(c) Considers the likely magnitude of the potentialmisstatement including the possibility that the riskmight give rise to multiple misstatements and thelikelihood of the risk occurring.
54.It is important for the Auditor to obtain an understanding ofthe controls that management has designed and implemented to prevent and detect fraud because in designing and implementing such controls, management may make informed judgments on the nature and extent of the controls it chooses to implement, and the nature and extent of the risks it chooses to assume.
Risks of Fraud in Revenue Recognition
55. Material misstatements due to fraudulent financial reporting often result from an overstatement of revenues (for example, through premature revenue recognition or recording fictitious revenues) or an understatement of revenues (for example, through improperly shifting revenues to a later period). Therefore, the auditor ordinarily presumes that there are risks of fraud in revenue recognition and considers which types of revenue, revenue transactions or assertions may give rise to such risks. Those assessed risks of material misstatement due to fraud related to revenue recognition are significant risks to be addressed in accordance with paragraphs 52 and 56.
Appendix 2 includes examples of responses to the auditor's assessment of the risk of material misstatement due to fraudulent financial reporting resulting from revenue recognition. If the auditor has not identified, in a particular
25
circumstance, revenue recognition as a risk of material misstatement due to fraud, the auditor documents the reasons supporting the auditor's conclusion as required by paragraph 105.
Responses to the Risks of Material Misstatement due to Fraud
56. The Auditor should determine overall responses toaddress the assessed risks of material misstatementdue to fraud at the financial statement level and shoulddesign and perform further auditor procedures whosenature, timing and extent are responsive to the assessedrisks at the assertion level.
57. The Auditor should perform substantive procedures that arespecifically responsive to risks that are assessed assignificant risks.
58. The Auditor responds to the risk of material misstatement due to fraud in the following ways:
(a) A response that has an overall effect on how the audit is conducted, that is, increased professional skepticism and a response involving more general considerations apart from the specific procedures otherwise planned.
(b) A response to identified risks at the assertion level involving the nature, timing and extent of audit procedures to be performed.
(c) A response to identified risks involving the performance of certain audit procedures to address the risks of material misstatement due to fraud involving management override of controls, given the unpredictable ways in which such override couldoccur.
59. The response to address the assessed risks of material misstatement due to fraud may affect the Auditor's professional skepticism in the following ways:
26
(a) Increased sensitivity in the selection of the nature andextent of documentation to be examined in support of material transactions.
(b) Increased recognition of the need to corroborate management explanations or representationsconcerning material matters.
60. The Auditor may conclude that it would not be practicable to design Auditor procedures that sufficiently address the risk of material misstatement due to fraud. In such circumstances the Auditor considers the implications for the audit.(see para. 82 and 98)
Overall Responses
61. In determining overall responses to address the risk of material misstatement due to fraud at the financial statement level the Auditor should:
(a) Consider the assignment and supervision of personnel;
(b) Consider the accounting policies used by theentity; and
(c) Incorporate an element of unpredictability in the selection of the nature, timing and extent of audit procedures.
62. The knowledge, skill and ability of the individuals assigned significant engagement responsibilities are commensurate with the auditor's assessment of the risk of material misstatement due to fraud for the engagement. For example, the Auditor may respond to identified risk of material misstatement due to fraud by assigning additional individuals with specialized skill and knowledge, such as forensic and it experts, or b y assigning more experienced individuals to the engagement.
27
63. The Auditor considers management's selection and application of significant accounting policies, particularly those related to subjective measurements and complex transactions. The audit considers whether the selection and application of accounting policies may be indicated of fraudulent financial reporting resulting from management's effort to manage earnings in order to deceive financial statement user by influencing their perceptions as to the entity's performance and profitability.
64. Individuals within the entity who are familiar with the audit procedures normally performed on engagements may be more able to conceal fraudulent financial reporting. Therefore, the Auditor incorporates an element of unpredictability in the selection of the nature, extent and timing of audit procedures to be performed. This can be achieved by, for example, performing substantive procedures on selected account balances and assertions not otherwise tested due to their materiality or risk, adjusting the timing of audit procedure from that otherwise expected, using different sampling methods, and performing audit procedure at different locations or at locations on an unannounced basis.
Audit Procedures Responses to Risks of Material Misstatement due to Fraud at the Assertion Level
65. Auditor's responses to address the assessed risks of material misstatement due to fraud at the assertion level may include changing the nature, timing and extent of fraud procedure, in the following ways:
The nature of audit procedures to be performed may need to be changed to obtain audit evidence that is more reliable and relevant or to obtain additional corroborative information.
The timing of substantive procedures may need to be modified. The Auditor may conclude that performing substantive testing at or near the period end better
28
Addresses an assessed risk of material misstatement due to fraud. The Auditor may conclude that, given the risk of intentional misstatement or manipulation, audit procedures to extent audit conclusions from an interim date to the period end would not be effective.
The extent of the procedure applied reflects the assessment of the risks of material misstatement due to fraud. For example, increasing sample size or performing analytical procedures at a more detailed level may be appropriate. Also, computer-assisted audit techniques may enable more extensive testing of electronic transactions and account files.
66. If the Auditor identifies a risk of material misstatement due to fraud that affects inventory quantities, examining the entity's inventory records may help to identify locations or items that require specific attention during or after the physical inventory count.
67. The Auditor may identify a risk of material misstatement due to fraud affecting a number of accounts and assertions, including asset valuation, estimates relating to specific transactions (such as acquisitions, restructurings, or disposals of a segment of the business), and other significant accrued liabilities (such as pension and other post-employment benefit obligations, or environmental remediation liabilities).The risk may also relate to significant
changes in assumptions relating to recurring estimates. Information gathered through obtaining an understanding of the entity and its environment may assist the auditor in evaluating the reasonableness of such management estimates and underlying judgments and assumptions. A retrospective review of similar management judgments and assumptions applied in prior periods may also provide insight about the reasonableness of judgments and assumptions supporting management estimates.
29
68. Examples of possible audit procedures to address the assessed risks of material misstatement due to fraud are presented in Appendix 2 to this ISA. The appendix includes examples of responses to the auditor’s assessment of the risks of material misstatement resulting from both fraudulent financial reporting and misappropriation of assets.
Audit Procedures Responsive to Management Override of Controls
69. Management is in a unique position to perpetrate fraud because of management's ability to directly or indirectly manipulate accounting records and prepare to b e operating effectively. While the level of risk of management override of controls will vary from entity to entity, the risk is nevertheless present in all entities and is a significant risk of material misstatement due to fraud.(60)
70. Paragraphs 71-76 set out the audit procedures required to respond to risk of management override of controls. However, the Auditor also considers whether there are risk of management override of control which the Auditor needs to perform procedures other than those specifically referred to in these paragraphs.
71. To Respond to the Risk of Management Override of Controls, the Auditor Should Design and Perform Audit Procedures to:
(a) Test the appropriateness of journal entries recorded in the general ledger and other adjustments made in the preparation of financial statements;
(b). Review accounting estimates for biases that could result in material misstatement due to fraud; and
(c). Obtain an understanding of the business rationale of significant transactions that the Auditor becomes for the entity, or that otherwise appear to be unusual given the Auditor's understanding of the entity and its environment.
30
72.Journal Entries and Other Adjustments
Material misstatements of financial statements due to fraud often involve the manipulation of the financial reporting process by recording inappropriate or unauthorized journal entries throughout the year or at period end, or making adjustments to amounts reported in the financial statement that are not reflected in formal journal entries, such as through consolidating adjustments and reclassifications. In designing and performing audit procedures to test the appropriateness of journal entries records in the general ledger and other adjustments made in the preparation of the financial statements the audit:
a. Obtain an understanding of the entity's financial reporting process and the controls over journal entries and other adjustments;
b. Evaluates the design of the controls over journal entries and other adjustment and determines whether they have been implemented;
c. Makes inquires of individuals involved in the financial reporting process about inappropriate or usual activity relating to the processing of journal entries and other adjustments;
d. Determines the timing of the testing; ande. Identifies and selects journal entries and other
adjustments for testing.
73.For the purposes of identifying and selecting journal entries and other adjustment for testing and determining the appropriate method of examining the underlying support for the items selected, the Auditor considers the following:The assessment of the risk of material misstatement due to fraud- the presence of fraud risk factors and other information obtained during the auditor's assessment of the risks of materials misstatement due to fraud may assist the Auditor to identify specific classes of journal entries and other adjustment for testing.
31
Controls that have been implemented over journal entries and other adjustment- effective controls over the preparation and posting of journal entries and other adjustments may reduce the extent of substantive testing necessary, provided that the Auditor has tested the operating effectiveness of the controls.The entity's financial reporting process and the nature of evidence that can be obtained- for many entities routine processing of transaction involves a combination of manual and automated steps and procedures. Similarly, the processing of journal entries and other adjustments may involve both manual and automated procedures and controls. When information technology is used in the financial reporting process, journal entries and other adjustments may exist only in electronic form. The characteristics of fraudulent journal entries or other adjustments- inappropriate journal entries or entries or other adjustments often have unique identifying characteristics. Such characteristics may include entriesa. Made to unrelated, usual, or seldom-used accounts,b. Made by individuals who typically do not make journal
entries,c. Recorded at the end of the period or as post-closing
entries that have little or no explanation or description, d. Made either before or during the preparation of the
financial statement that do not have account numbers, or
e. Containing round numbers or consistent ending numbers.
The nature and complexity of the accounts-inappropriate journal entries or adjustment may be applied to accounts thati Contain transaction that are complex or unusual in
nature, ii Contain significant estimates and period-end
adjustment, iii Have been prone to misstatements in the past,iv Have not been reconciled on a timely basis or contain
unreconciled differences,
32
v Contain inter - company transactions, orvi Are otherwise associated with an identified risk of
material misstatement due to fraud. In audits of entries that have several locations or components, Consideration is given to the need to select journal entries from multiple locations.
Journal entries or other adjustments processed outside the normal course of business-non standard journal entries may not be subject to the same level of internal control as those journal entries used on a recurring basis to record transaction such as monthly sales, purchases and cash disbursements.
74. The Auditor uses professional judgment in determining the nature, timing and extent of testing of journal entries and other adjustment are often made at the end of a reporting period, the Auditor ordinarily selects the journal entries and other adjustments made at that time. However, because material misstatements in financial statement due to fraud can occur through the period and may involve extensive efforts to conceal how the fraud is accomplished, the Auditor considers whether there is also a need to test journal entries and other adjustments throughout the period.
Accounting Estimates75. In preparing financial statements, management is
responsible for making a number of judgments or assumptions that affect significant accounting estimates and for monitoring the reasonableness of such estimates on an ongoing basis. Fraudulent financial reporting is often accomplished through intentional misstatement of accounting estimate for biases that could result in material misstatement due to fraud. The Auditor:a. Considers whether differences between estimate best
supported by audit if evidence and the estimates include in the financial statements, even if they are individually reasonable, indicate a possible bias on the part of the
Entity's management, in which case the Auditor reconsiders the estimates taken as a whole; and
b. Performs a retrospective review of management judgments and assumptions related to significant accounting estimates reflected in the financial statements of the prior year. The objective of this review is to determine whether there is an indication of a possible bias on the part of management.
76. If the Auditor identifies a possible bias on the part of management in making accounting estimates, the Auditor evaluates whether the circumstances producing such as bias represent a risk of material misstatement due to fraud. The Auditor consider whether, in making accounting estimates, management's actions appear to understate or overstate all provisions or reverses in the same fashion so as to be designed either to smooth earnings level in order to deceive financial statement users by influencing their perceptions as to the entity's performance and profitability.
Business Rationale for Significant Transactions.77.The Auditor obtains an understanding of the business
rationale for significant transactions that are outside the normal course of business for the entity or that otherwise appear to be unusual given the {Auditor's understanding of the entity and its environment and other information obtained during the audit. The purpose of obtaining this understanding is to consider whether the rationale (or the lack thereof) suggests that the transactions may have been entered into to engage in fraudulent financial reporting or to conceal misappropriate of assets. In gaining such an understanding the Auditor considers the followings:
Whether the form of such transaction appears overly complex (for example, the transaction involves multiple entities within a consolidated group or multiple third parties).
33
34
Whether management has discussed the nature of and accounting for such transactions with those charged with governance of the entity, and whether there is adequate documentation. Whether management is placing more emphasis on the need for a particular accounting treatment than on the underlying economics for the transaction.Whether transaction that involves non-consolidated relation parties, including special purpose entities, have been properly reviewed and approved by those charged with governance of the entity.Whether the transactions involve previously unidentified related parties or parties that do not have the substance or the financial strength to support the transaction without assistance from the entity under audit
Evaluation of Audit Evidence78. The Auditor, based on the audit procedures performed and
the audit evidence obtained, evaluates whether the assessments of the risks of material misstatement at the assertion level remain appropriate.This evaluation is primarily a qualitative matter based on the Auditor's judgment.
79.An Audit of financial statement is a cumulative and iterative process. As the Auditor performs planned audit procedures information may come to the Auditor's attention that differs significantly from the information on which the assessment of the risk of material misstatement due to fraud was based.
80.The Auditor should consider whether analytical procedures that are performed at or near the end of the audit when forming an overall conclusion as to whether t h e financial statement as a whole are consistent with the auditor's knowledge of the business indicate a previouslyunrecognized risk of material misstatement due to fraud. Determining which particular trends and relationships may indicate a risk of material misstatement due to fraud require
Professional judgment. Unusual relationship involving year end revenue and incomes are particularly relevant. These might include, for example, uncharacteristically large amounts of income being reported in the last few weeks of the reporting period or unusual transactions; or income that is inconsistent with trends in cash flow from operations.
81.When the Auditor identifies a misstatement, the Auditor should consider whether such is an identification, the Audi to r shou ld cons ide r the impl ica t ions o f misstatement in relation to other aspects of the audit, particularly the reliability of management representations.
82.When the Auditor confirms that, or is unable to conclude whether, the financial statements are materially misstated as a result of fraud; the Auditor should consider the implications for the audit.
83.The Auditor cannot assume that an instance of fraud is an isolated occurrence. The Auditor also considers whether misstatements identified may be indicative of a higher risk of material misstatement due to fraud at a specific location. For example, numerous misstatements at a specific location, even though the cumulative effect is not material, may be indicative of a risk of material misstatement due to fraud.
84.If the Auditor believes that a misstatement is or may be the result of fraud, but the effect of the misstatement is not material to the financial statements, the auditor evaluates the implications, especially those dealing with the organizational position of the individual(s) involved. For example, fraud involving a misappropriation of cash from a small petty cash fund normally would be of little significance to the Auditor in assessing the risks of material misstatement due to fraud because both the manner of operating the fund and its size would tend to establish a limit on the amount of potential loss, and the custodianship of such funds normally is entrusted to a non-management employee. Conversely, if the matter involves higher-level management, even though the amount itself is not material to the financial statements, it may be
35
36
indicative of a more pervasive problem, for example, implications about the integrity of management. In such circumstances, the Auditor re-evaluates the assessment of the risks of material misstatement due to fraud and its resulting impact on the nature, timing, and extent of audit procedures to respond to the assessed risks. The Auditor also reconsiders the reliability of evidence previously obtained since there may be doubts about the completeness and truthfulness of representations made and about the genuineness of accounting records and documentation. The Auditor also considers the possibility of collusion involving employees, management or third parties when reconsidering the reliability of evidence.
Management Representations85. The Auditor should obtain written representations from
management that:a. It acknowledges its responsibility for the design and
implementation of internal control to prevent and detect fraud;
b. It has disclosed to the Auditor the results of its assessment of the risk that the financial statements may be materially misstated as a result of fraud;
c. It has disclosed to the Auditor its knowledge of fraud or suspected fraud affecting the entity involves:i). Management;ii). Employees who have significant roles in
internal control; oriii). Others where the fraud could have a material
effect on the financial statements;and
d. It has disclosed to the Auditor its knowledge of any allegations of fraud, or suspected fraud, affecting the entity's financial statements communicated by employees, forma employees, analysis, regulators or others.
86. “Management Representations” provides guidance on obtaining appropriate representations from management in the audit. In addition to acknowledging its responsibility for the financial statements, it is important that, irrespective of the size of the entity, management acknowledges its responsibility for internal control designed and implemented to prevent and detect fraud.
87. Because of the nature of fraud and the difficulties encountered by Auditors in detecting materialsmisstatements in the financial statements, resulting from fraud, it is important that the Auditor obtains a written representation from management confirming that it has disclosed to the Auditor the results of management's assessment of the risk that the financial statements may be materially misstated as a result of fraud and its knowledge of actual, suspected or alleged fraud affecting the entity.
Communication with Management and Those Charged with Governance88. If the Auditor has identified a fraud or has obtained
informat ion that indicates that a f raud mayexist, the auditor should communicate these matters as soon as practicable to the appropriate level of management.
89. When the Auditor has obtained evidence that frauds exist or may exist, it is important that the matter be brought to theattention of the appropriate level of management as soon as practicable. This is so even if the matter might be considered inconsequential (for example, a minor defalcation by an employee at a low level in the entity’s organization). The determination of which level of management is the appropriate one is a matter of professional judgment and is affected by such factors as the likelihood of collusion and the nature and magnitude of the suspected fraud. Ordinarily, the
37
39
94.The Auditor should make those charges with governance and management aware, as soon as practicable, and at the appropriate level of responsibility, of material weakness in the design or implementation of internal control t prevent and detect fraud which may have come to the Auditor's attention.
95. If the Auditor identifies a risk of material misstatement of the financial statements due to fraud, which management has either not controlled, or for which the relevant control is inadequate, or if in the Auditor's judgment there is a material weakness in management's risk assessment process, the Auditor include such internal control deficiencies in the communication of audit matters of governanceinterest.
96. The Auditor should consider whether there are any other matters related to fraud to be discussed with those charged with governance of the entity. Such matters may include for example:i Concerns about the nature extent and frequency of
management's assessments of the controls in place to prevent and detect fraud and of the risk that the financial statements may be misstated.
ii A failure by management to appropriately address identified material weakness in internal control.
iii A failure by management to appropriately respond to an identified fraud.
iv The Auditor's evaluation of the entity's control environment, including questions regarding the competence and integrity of management.Actions by management that may be indicative of fraudulent financial reporting, such as management's selection and application of accounting policies that nay be indicative of management's effort to manage earnings in order to deceive financial statement users by influencing their receptions as to the entity's performance and profitability.
38
appropriate level of management is at least one level above the persons who appear to be involved with the suspected fraud.
90. If the Auditor has identified fraud involvingi). Management;ii). Employees who have significant roles in internal
control; oriii). Others where the fraud results in material misstatement in the financial statements,
The Auditor should communicate these matters to those charged with governance as soon as practicable.91. The Auditor's communication with those charged with
governance may be made orally or in writing. Due to the nature and sensitivity of fraud involving senior management, or fraud that result such matters as soon as practicable and considers whether it is necessary to also report such matters in writing. If the auditor suspects fraud involving management, the Auditor communicates these suspicions to those charged with governance and also discusses with them the nature, timing and extent of audit procedures necessary to complete the audit.
92. If the integrity or honesty of management or those charged with governance is doubted, the Auditor considers seeking legal advice to assist in the determination of the appropriate course of action.
93. At an early stage in the audit, the Auditor researches an understanding with those charged with governance about the nature and extent of the Auditor's communications regarding fraud that the Auditor becomes aware of involving employees other than management that does not result in amaterial misstatement.
40
concern about the adequacy and completeness of the authorization of transactions that appears to be outside the normal course of business.
Communication to Regulatory and Enforcement Authorities97. The Auditor's professional duty to maintain the
confidentiality of client information may precludereporting fraud to a party outside the client entity. The Auditor considers obtaining legal advice to determine the appropriate course of action in such circumstances. The Auditor's legal responsibilities vary by country and in certain circumstances; the duty of confidentiality may be overridden by statute, the law or courts of law. For example, in some countries, the Auditor of a financial institution has astatutory duty to report the occurrence of fraud to supervisory authorities. Also, in some cases wheremanagement and those charged with governance fail to take corrective action.
Auditor Unable to Continue the Engagement98. If, as a result of a misstatement resulting from fraud or
suspected fraud, the auditor encounter exceptional circumstances that bring into question the Auditor's ability to continue performing the audit the Auditor should:a. Consider the professional and legal responsibilities
applicable in the circumstances, including whether there is a requirement for the Auditor to report to the person or persons who made the audit appointment or, in some cases, to regulatory authorities.
b. Consider the possibility of withdrawing from the engagement; and
c. If the Auditor withdraws:(i) Discuss with the appropriate level of management
and those charged with governance the Auditor's
Withdrawal from the engagement and the reasons for the withdrawal; and(ii) Consider whether there is a professional or legal
requirement to report to the person or persons who made the audit appointment or, in some cases, to regularly authorities, the Auditor's withdrawal from the engagement and the reasons for the withdrawal.
99. Such exceptional circumstances can arise, for example, when:a. The entry does not take the appropriate action regarding
fraud that the auditor considers necessary in the circumstances, even when the fraud is not material to the financial statement;
b. The Auditor's consideration of the risks of material misstatement due to fraud and the results of audit tests indicate a significant risk of material and pervasive fraud; or
c. The Auditor has significant concern about the competence or integrity of management or those charged with governance.
100.Because of the variety of the circumstances that may arise, it is not possible to describe definitively when withdrawal from an engagement is appropriate. Factors that affect the Auditor's conclusion include the implications of the involvement of a member of management or of those charged with governance (which may affect the reliability of management representations) and the effects on the Auditor of a continuing association with the entity.
101.The Auditor has professional and legal responsibilities in such circumstances and these responsibilities may vary by country. In some countries, for example, the Auditor may be entitled to, or required to, make a statement or report to the person or persons who made the Audit appointment or, in
41
42
some cases, to regulatory authorities. Given the exceptional nature of the circumstances and the need to consider the legal requirements, the Auditor considers seeking legal advice when deciding whether to withdraw from an engagement and in determining an appropriate course of action, including the possibility of reporting to shareholders, regulators or others.
DOCUMENTATION102.The documentation of the Auditor's understanding of the
entity and its environment and the auditor's assessment of the risks of material misstatement should include:a. The significant decisions reached during the discussion
among the engagement team regarding the susceptibility of the entity's financial statements to material misstatement due to fraud; and
b. The identified and assessed risks of material misstatement due to the fraud at the financial statement level and at the assertion level.
103.The documentation of the Auditor's responses to the assessed risks of material misstatement should include:a. The overall responses to the assessed risks of material
misstatements due to fraud at the financial statement level and the nature, timing and extent of audit procedures, and the linkage of those procedures with the assessed risks of material misstatement due to fraud at the assertion level; and
b. The results of the audit procedures, including those designed to address the risk of management override of controls.
104.The Auditor should document communications about fraud made to management, those charged with governance, regulators and others.
105.When the Auditor has concluded that the presumption that there is a risk of material misstatement due to fraud related
to revenue recognition is not applicable in the circumstances of the engagement, the auditor should document the reasons for that conclusion.
106.Then extent to which these matters are documented is for the Auditor to determine using professional judgment.
Public Sector Perspectivei ASA applicable in all material respects to audits of public
sector entities.ii In the public sector the scope and nature of the audit relating
to the prevention and detection of fraud may be affected by legislation, regulation, ordinances or ministerial directives. The terms of the mandate may be a factor that the Auditor needs to take into account when exercising judgment.
iii Requirements for reporting fraud, whether or not discovered through the audit process often may be subjected to specific provisions of the audit mandate or related legislation or regulation in line with para 97.
iv In many cases in the public sector the option of withdrawing from the engagement as suggested in paragraph 98 of the ASA nay not be available to the Auditor due to the nature of the mandate or public interest considerations.
Examples of Fraud Risk FactorsThe fraud risk factors identified in this Appendix are examples of such factors that may be faced by Auditors in a broad range of situations. Separately presented are examples relating to the two types of fraud relevant to the Auditors consideration, that is, fraudulent financial reporting and misappropriation of asserts. For each of these types of fraud, the risk factors are further classified based on the three condition generally present when material misstatements due to fraud occur: (a) Incentives/Pressures, (b) Opportunities, and
43
44
(c) Attitudes/Rationalizations. Although the risk factors cover a broad range of situations, they are only example and, accordingly, the Auditor may identify additional or different risk factors.
107. Risk Factors Relating to Misstatements Arising from Fraudulent Financial ReportingThe following are examples of risk factors relating to misstatements arising form fraudulent financial reporting:Incentives/Pressures
A Financial stability or profitability is threatened by economic, industry, or entity operating conditions, such as (or as indicated by) the following:i High degree of competition to market saturation,
accompanied by declining margins.ii High vulnerability to rapid change such as changes in
technology, product obsolescence, or interest rates.iii Significant declines in customer demand and increasing
business failures in either the industry or overall economy.
iv Operating losses making the threat of bankruptcy, foreclosure, or hostile takeover imminent.
v Recurring negative cash flows from operations or an inability to generate cash flows from operations while reporting earnings and earnings growth.
vi Rapid growth or unusual profitability especially compared to that of other companies in the same industry.
vii New accounting, statutory, or regulatory requirements.
B Excessive pressure exists for management to meet the requirements or expectations of third parties due to thefollowing:Profitability or trend level expectations of investment analysts, institutional investors, significant creditors, or other external parties (particularly expectations that are unduly aggressive or unrealistic) including expectations
45
created by management in, for example, overly optimistic press release or annual report messages.Need to obtain additional debt or equity financing to stay competitive, including financing of major research and development or capital expenditures.Marginal ability to meet exchange listing requirements or debt repayment or other debt covenant requirements.Perceived or real adverse effects of reporting poor financial results on significant pending transactions,
such as business combinations or contact awards.
C Information available indicates that the personal financial situation of management or those charged with governance is threatened by the entity's financial performance arising from the following:
Significant financial interests in the entity.Significant portions of their compensation (for example, bonus stock options, and earn out arrangements) being contingent upon achieving aggressive targets for stock price, operating results, financial position, or cash flow. Personal guarantees of debts of the entity.
D There is excessive pressure on management or operating personnel to met financial targets established by those charged with governance, including sales or profitability incentive goals.
OpportunitiesE The nature of the industry or the entity's operations provides
opportunities to engage in fraudulent financial reporting that can arise from the following:i Significant related party transactions not in the ordinary
course of business or with related entities no audited or audited by another firm.
46
ii A strong financial presence of ability to dominate a certain industry sector that allows the entry to dictate terms or conditions to suppliers or customers that may result in inappropriate or non arms length transactions.Assets, liabilities, revenues, or expenses based on significant estimates that involve subjectivejudgments or uncertaintities that are difficult to corroborate.
iii Significant, unusual, or highly complex transactions, especially that close to period end that pose difficult "substance over form" questions.
iv Significant operations located or conducted across international borders in jurisdictions where differing business environment and cultures exist.
v Use of business intermediaries for which there appears to be no clear business justification.
vi Significant bank accounts or subsidiary or branch operations in tax haven jurisdictions for which there appears to be no clear business justification.
F There is ineffective monitoring of management as a result of the following:i Domination of management by a single person or small
group (in a non owner managed business) without compensating controls.
ii Ineffective oversight by those charged with governance over the financial reporting process and internal control.
G There is a complex or unstable organizational structure, as evidenced by the following:i Difficulty in determining the organization or individuals
that have controlling interest in the entity.ii Overly compel organizational structure involving
unusual legal entities or managerial lines of authority. iii High turnover of senior management, legal counsel, or
those charged with governance.
47
H Internal control components are deficient as a result of the following:i Inadequate monitoring of controls, including automated
controls and controls over interim financial reporting (where external reporting is required).High turnover rates or employment of ineffective accounting, internal audit, or information technology staff.
ii Ineffective accounting and information systems, including situations involving material weaknesses in internal control.
I Attitudes/Rationalizationsi Ineffective communication, implementation, support,
or enforcement of the entity's values or ethical standard by management or the communication of inappropriate value of ethical standards
ii Non-financial management's excessive participation no preoccupation with the selection of accounting police or the determination of significant estimates.
iii Known history of violations of securities laws or other laws and regulations, or claims against the entity, its senior management, or those charged with governance alleging frauds or violations of laws and regulations.
iv Excessive interest by management in maintaining or increasing the entity's stock price or earning trend.
v A practice by management of committing to analysts, creditors, and other third parties to achieve aggressive or unrealistic forecasts.
vi Management failing to correct known material weaknesses in internal control on a timely basis.
vii An interest by management in employing inappropriate means to minimize reported earnings for tax-motivated reasons.
viii Low morale among senior managementThe owner-manager makes no distinction between
48
personal and business transactions.ix Dispute between shareholders in a closely held entityx Recurring attempts by management to justify marginal
or inappropriate accounting on the basis of materiality.xi The relationship between management and the current
or predecessor Auditor is strained, as exhibited by the following.
xii Frequent disputes with the current or predecessor auditor on accounting auditing or reporting matters.
xiii Unreasonable demands on the auditor, such as unreasonable time constraints regarding the completion of the audit or the issuance of the Auditor's report.
xiv Formal or informal restrictions on the Auditor that inappropriately limit access to people or information or the ability to communicate effectively with those charged with governance.
xv Domineering management behavior in dealing with the Auditor especially involving attempts to influence the scope of the Auditor's work or the selection or continuance of personnel assigned to or consulted on the audit engagement.
108.Risk Factors Arising from Misstatements Arising from Misappropriation of Assets.
A Risk factors that relate to misstatement arising from misappropriation of assets are also classified according to the three conditions generally present when fraud exist:i Incentives/pressures.ii Opportunities andiii Attitudes/rationalizations.
Some of the risk factors related to misstatement arising from fraudulent financial reporting also may be present when misstatements arising from misappropriation of assets occur. For example, ineffective monitoring of management and weaknesses in internal control may be present when misstatements due to
49
either fraudulent financial reporting or misappropriation of assets exist, the following are examples of risk factors related to misstatement arising from misappropriation of assets.
B Incentives/Pressuresi Personal financial obligations may create pressure on
management or employees with access to cash or other assets susceptible to theft to misappropriate those assets.
ii Adverse relationship between the entity and employees with access to cash or other assets susceptible to theft may motivate those employees to misappropriate those assets. For example, adverse relationships may be created by the following:
iii Known or anticipated future employee layoffs.iv Recent or anticipated changes to employee compensation ort
benefit plansv Promotions, compensation, or other rewards inconsistent
with expectation
C Opportunitiesi Certain characteristics or circumstances may increase the
susceptibility of assets to misappropriation. For example, opportunities to misappropriate asset increase when there are the following:
ii Large amounts of cash on hand or proceed.iii Inventory items that are small in size, of high value, or in
high demandiv Easily convertible assets, such as bearer bonds, diamonds, or
computer chipsv Fixed assets which are small in size, marketable, or lacking
observable identification of ownership.
D Inadequate internal control over assets may increase the susceptibility of misappropriation of those assets. For example, misappropriation of assets may occur because there is the following:
50
i Inadequate oversight of senior management expenditure., such as travel and other reimbursementimbursements.
ii Inadequate management oversight of employees responsible for assets, for example, inadequate supervision or monitoring or remote locations
iii Inadequate job applicant screening of employees with access to assets
iv Inadequate system of authorization and approval of transactions for example, in purchasing.
v Inadequate physical safeguard over cash, investments, inventory, or fixed assets.
vi Lack of complete and timely reconciliations of asset.vii Lack of timely and appropriate documentation of
transactions, for example, credits for merchandise returns.
viii Lack of mandatory vacations for employees performing key control functions.
ix Inadequate management understanding of information technology, which enables information technology employees to perpetrate a misappropriation.
x Inadequate access control over automated records, including controls over and review of computer systems event logs.
E. Attitudes/Rationalizationsi Disregard for the need for monitoring or reducing risk
related to misappropriations of assets.ii Disregard for internal control over misappropriation of
assets by overriding existing controls or by failing to correct known internal control deficiencies
iii Behaviour indicating displeasure or dissatisfaction with the entity or its treatment of the employee.
iv Changes in behaviour or lifestyle that may indicate assets have been misappropriated.
v Tolerance of petty theft
51
109.Example of Possible Audit Procedures to Address the Assessed Risks of Material Misstatement due to Fraud
The following are examples of possible audit procedures to address the assessed risks of material misstatement due to fraudresulting from both fraudulent financial reporting and misappropriation of assets.
A Consideration at the Assertion LevelSpecific responses to the Auditor's assessment of the risks of material misstatement due to fraud will vary depending upon the types or combinations of fraud risk factors or conditions identified, and the account balances, classes of transactions and assertions they may affect.
The following are specific example of responses:i Visiting locations or performing certain tests on a
surprise or unannounced basis. For example observing inventory at locations where Auditor attendance has not been previously announced or counting cash at a particular date on a surprise basis.
ii Requesting that inventories be counted at the end of the reporting period or on a date closer to period end to minimize the risk of manipulation of balances in the period between the date of completion of the count and the end of the reporting period.
iii Altering the audit approach in the current year. For example, contacting major customers and supplierorally in addition to sending written confirmation, sending conformation requests to a specific party within an organization, or seeking more or different information.
iv Performing a detailed review of the entity's quarter-end or year-end adjusting entries and investigating any that appear unusual as to nature or amount.
52
v For significant and unusual transaction, particularly those occurring at or near year-end, investigation of the possibility of related parties and the sources of financial resources supporting the transactions.
vi Performing substantive analytical procedures using disaggregated data. For example, comparing sales and cost of sales by location, line of business or month to expectation developed by the auditors.
vii Conducting interviews of personnel involved in areas where a risk of material misstatement due to fraud has been identified, to obtain their insights about the risk and whether or how, controls address the risk.
viii When other independent Auditors are auditing the Financial Statements of one or more subsidiaries, divisions or branches discussing with them the extent of work necessary to be performed to address the risk of material misstatement due to fraud resulting from transactions and activities among these components.
ix If the work of an expert becomes particularly significant with respect to a Financial Statement item for which the risk of misstatement due to fraud is high performing additional procedures relating to some or all of the expert's assumptions, methods or findings to determine that the findings are not unreasonable, or engaging another expert for that purpose.
x Performing audit procedures on account or other reconciliations prepared by the entity, including considering reconciliations performed at interim periods.
xi Performing computer-assisted techniques, such as data mining to test for anomalies in a population.
xii Testing the integrity of computer-produced record and transactions.
xiii Seeking additional audit evidence from sources outside of the entity being audited.
53
B Specific Responses- Misstatement Resulting from-Fraudulent Financial Reporting Example of responses to the Auditor' assessment of the risk of material is statement due to fraudulent financial reporting are as follows:C Revenue Recognitioni Performing substantive analytical procedure relating to
revenue using disaggregated data, for example, comparing revenue reported by month and by product line or business segment during the current reporting period with comparable prior period. Computers-assisted auditor techniques may beuseful in identifying usual or unexpected revenue relationships or transactions.
ii Confirming with customer certain relevant contract terms and the absence of side agreement, because the appropriate accounting often is influenced by such terms or agreements and basis for rebates or the period to which they relate are often poorly documented. For example, acceptance criteria, delivery and payment terms, the absence of future or continuing vendor obligations, the right to return theproduct, guaranteed resale amounts, and cancellation or refund provisions often are relevant in such circumstance.
iii Inquiring of the entity's sales and marketing personnel or in-house ;legal counsel regarding sales or shipments near the end of the period and their knowledge of any unusual terms or conditions associated with these transactions.
iv Being physical present at one or more locations at period end to observe goods being shipped or being readied for shipment (or returns awaiting processing) and performing other appropriate sales and inventor cutoff procedures
v For those situations for which revenue transactions are electronically initiated, processed and recorded, testing controls to determine whether they provide assurance that recorded revenue transactions occurred and are properly recorded.
54
D Inventory Quantitiesi Examining the entity's inventory records to identify
locations or items that require specific attention during or after the physical inventory count.
ii Observing inventory counts at certain locations on an unannounced basis or conducting inventory counts at all locations on the same date.
iii Conducting inventory counts are or near the end of the reporting period to minimize the risk of inappropriate manipulation during the period between the count and the end of the reporting period.
iv Performing additional procedures during the observation of the count, for example, more rigorously examining the contents of boxed items, the manner in which the goods are stacked (for example. hallow squares) or labeled, and the quality (that is, purity, grade or concentration) of liquid substance such as perfumes or specialty chemicals, using the work of an expert may be helpful in this regard.
v Comparing the quantities for the current period with prior period by class or category of inventory location or other criteria, or comparison of quantities counted with perpetual records.
vi Using computer-assisted audit techniques to further test the compilation of the physical inventory counts-for example, sorting by tag number to test tag controls or by item serial number to test the possibility of item omission or duplication.
E Management Estimatesi Using an expert to develop an independent estimate for
comparison to management's estimate.ii Extending inquires to individual outside of management and
the accounting department to corroborate management's ability and intent to carry out plans that are relevant to developing the estimate.
55
F Specific Responses - Misstatements due to Misappropriation of Assets
Differing circumstance would necessarily dictate different responses. Ordinarily, the audit response to as risk of material misstatement due to fraud relating to misappropriation of assets will be directed toward certain account balances and classes of transaction. Although some of the audit responses noted in the two categories above may apply in such circumstance, the scope of the work is to be linked to the specific information about the misappropriation risk that has been identified. Examples of responses to the Auditor's assessment of the risk of material misstatements due to misappropriation of assets are as follows:i Counting cash or securities at or near year-endii Confirming directly with customer that account activity
(including credit memo and sales return activityas well as dates payments were made ) for the period under audit
iii Analyzing inventory of written-off accountsiv Analyzing inventory shortages by location or product typev Comparing key inventory ratios to industry normvi Reviewing supporting documentation for reductions to the
perpetual inventory recordvii Performing a computerized match of the vendor list with a
list of employees to identify matches of addresses or phone numbers
viii Performing a computerized search of payroll records to identify duplicated addresses, employee identification or taxing authority numbers or bank accounts
ix Reviewing personnel files for those that contain little or no evidence of activity for example, lack of performance evaluation.
x Analyzing sales discount and returned for unusual patterns or trends.
xi Confirming specific terms of contracts with third parties.xii Obtaining evidence that contracts are being carried out in
accordance with the terms.
56
xiii Reviewing the propriety of large and unusual expensesxiv Reviewing the authorization and carrying value of senior
management and related party loans.xv Reviewing the level and propriety of expenses reports
submitted by senior management.
G Examples of Circumstances that Indicate the Possibility of Fraud
The following are examples of circumstances that may indicate the possibility that the financial statements may contain a material misstatement resulting from fraud.Discrepancies in the accounting record, including the following:i Transactions that are not recorded in a complete or timely
manner or are improperly recorded as to amount, accounting period, classification, or entity policy.
ii Unsupported or unauthorized balance or transactions.iii Last-minute adjustments that significantly affect financial
results.iv Evidence of employee's access to systems and records
inconsistent with that necessary to perform their authorized duties.
v Tips or complaints to the Auditors about alleged fraud.
H Conflicting or missing evidence including the following:i Missing documentsii Documents that appear to have been alterediii Unavailability of other than photocopied or electronically
transmitted documents when documents in original form are expected to exist
iv Significant unexplained items on reconciliationsv Unusual balance sheet changes, or change in trends or
important financial statement ratios or relationships, For example receivables growing faster than revenues.
vi Inconsistent, vague, or implausible responses from management or employees arising from inquires or
57
analytical proceduresvii Unusual discrepancies between the entity's records and
confirmation repliesviii Large numbers of credit entries and other adjustments made
to accounts receivable recordsix Unexplained or inadequately explained difference between
the accoun t s r ece ivab le sub - l edge r and thecontrol account, or between the customer statements and the accounts receivable sub-ledger
x Missing or non existence cancelled checks in circumstances where cancelled cheques are ordinarily returned to the entity with the bank statement
xi Missing inventory or physical assets of significant magnitude.
xii Unavailable or missing electronic evidence, inconsistent with the entity's record retention practice or polices
xiii Fewer responses to confirmations than anticipated or a greater number of responses than anticipated.
xiv Inability to produce evidence of key systems development and program change testing and implementation activities for current -year system changes and deployments.
I Problematic or unusual relationship between the Auditor and management, including the following:i Denial of access to record, facilities, certain employees,
customers, vendors, or others from whomaudit evidence might be sought
ii Undue time pressures imposed by management to resolve complex or contentious issues
iii Complaints by management about the conduct of the audit or management intimidation of engagementteam members, particularly in connection with the auditor's critical assessment of audit evidence or inthe resolution of potential disagreements with management
iv Unusual delay by the entity in providing requested information
v Unwillingness to facilitate Auditor access to key electronic files for testing through the use ofcomputer-assisted audit techniques
vi Denial of access to key operations staff and facilities, including security, operations and systems development personnel
vii An unwillingness to add or revise disclosures in the financial statements to make them more completeand understandable
viii An unwillingness to address identified weaknesses in internal control on a timely basis
Others include the following:ix Unwillingness by management to permit the
Auditor to meet privately with those charged with governance
x Accounting policies that appear to be at variance with industry norms
xi Frequent changes in accounting estimate that do not appear to result from changes circumstance
xii Tolerance of violations of the entity's code of conduct.
EFFECTIVE DATE110. This ASA is effective for audits of Financial Statements for
periods beginning on or after 31st December 2009.
58
